Release notes for HTTP-Tiny 0.088 2023-07-11 08:52:54-04:00 America/New_York [DOCS] - Update metadata to point to new Perl-Toolchain-Gang repository. 0.086 2023-06-22 10:06:37-04:00 America/New_York [FIXED] - Fix code to use `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` as documented. 0.084 2023-06-14 06:35:01-04:00 America/New_York - No changes from 0.083-TRIAL. 0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE) [!!! SECURITY !!!] - Changes the `verify_SSL` default parameter from `0` to `1`. Fixes CVE-2023-31486. - `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to restore the old default if required. 0.082 2022-07-25 09:45:34-04:00 America/New_York - No changes from 0.081-TRIAL. 0.081 2022-07-17 09:01:51-04:00 America/New_York (TRIAL RELEASE) [FIXED] - No longer deletes the 'headers' key from post_form arguments hashref. [DOCS] - Noted that request/response content are handled as raw bytes. 0.080 2021-11-05 08:15:46-04:00 America/New_York - No changes from 0.079-TRIAL. 0.079 2021-11-04 12:33:43-04:00 America/New_York (TRIAL RELEASE) [FIXED] - Fixed uninitialized value warnings on older Perls when the REQUEST_METHOD environment variable is set and CGI_HTTP_PROXY is not. 0.078 2021-08-02 09:24:03-04:00 America/New_York - No changes from 0.077-TRIAL. 0.077 2021-07-22 13:07:14-04:00 America/New_York (TRIAL RELEASE) [ADDED] - Added a `patch` helper method for the HTTP `PATCH` verb. - If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY replaces HTTP_PROXY. [FIXED] - Unsupported scheme errors early without giving an uninitialized value warning first. - Sends Content-Length: 0 on empty body PUT/POST. This is not in the spec, but some servers require this. - Allows optional status line reason, as clarified in RFC 7230. - Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that SSL reads can also send writes as a side effect. - Check if a server has closed a connection before preserving it for reuse. [DOCS] - Clarified that exceptions/errors result in 599 status codes. [PREREQS] - Optional IO::Socket::IP prereq must be at least version 0.32 to be used. This ensures correct timeout support. 0.076 2018-08-05 21:07:38-04:00 America/New_York - No changes from 0.075-TRIAL. 0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE) [CHANGED] - The 'peer' option now also can take a code reference 0.074 2018-07-30 15:35:44-04:00 America/New_York - No changes from 0.073-TRIAL. 0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE) 0.071 never made it to CPAN; skipping to 0.073 [DOCS] - Documented 'protocol' field in response hash. 0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE) [DOCS] - Documented that method argument to request() is case-sensitive. [INTERNAL] - Minor regex cleanup - Updated .travis.yml for recent Perls 0.070 2016-10-09 23:23:28-04:00 America/New_York - No changes from 0.069-TRIAL. 0.069 2016-10-05 11:35:58-04:00 America/New_York (TRIAL RELEASE) [INTERNAL] - Lazy load Carp only if needed. 0.068 2016-09-23 16:10:03-04:00 America/New_York - No changes from 0.067-TRIAL. 0.067 2016-09-14 11:43:14-04:00 America/New_York (TRIAL RELEASE) [FIXED] - Includes redirect history when issuing a 599 internal error. 0.065 2016-09-09 22:42:43-04:00 America/New_York (TRIAL RELEASE) [TESTS] - Try harder to clean up environment in t/140_proxy.t (needed for VMS) 0.064 2016-08-16 21:37:51-04:00 America/New_York - No changes from 0.063-TRIAL 0.063 2016-08-08 12:18:03-04:00 America/New_York (TRIAL RELEASE) [FIXED] - Fixed chunked transfer encoding, which previously omitted a trailing CRLF. 0.061 2016-08-05 12:10:19-04:00 America/New_York (TRIAL RELEASE) [FIXED] - Avoid overwriting 'If-Modified-Since' header in mirror() if the header already exists in something other than lower-case. [TESTS] - Normalize CRLF when reading test data files in t\150-post_form.t on Win32 0.059 2016-07-29 16:10:32-04:00 America/New_York (TRIAL RELEASE) [FIXED] - Timeout can now be set as a constructor argument again. - CVE-2016-1238: avoid loading optional modules from @INC path with `.` at the end. [TESTS] - Updated tests for a future perl which may omit `.` from the list of directories in @INC by default. 0.058 2016-05-03 11:29:57-04:00 America/New_York - No changes from 0.057 0.057 2016-04-18 10:17:00-04:00 America/New_York (TRIAL RELEASE) [ADDED] - Added support for the SSL_CERT_FILE environment variable. - Added 'peer' attribute to force a connection to a particular server. - Added 'connected' method to allow introspection of persistent connections. - An array reference of redirection result hash references is included in the final response hash reference (but only if redirects occur). [CHANGED] - Because folded headers are obsoleted in the revised RFCs, if CRLF is found in header values followed by one or more spaces, they are all replaced by a single space. [FIXED] - Per the RFC, control headers are now sent first before other headers (which are sent in arbitrary order). - Only well-known headers have their case canonicalized; all other headers are sent in the case provided by the user. - The 'keep_alive' option now also sets the SO_KEEPALIVE option on the underlying socket to help with long-lived, idle connections. - Request header field values are now validated against the RFC rules (i.e. empty or else space-or-tab separated tokens of printable characters). 0.056 2015-05-19 06:00:40-04:00 America/New_York - No changes from 0.055 0.055 2015-05-07 18:13:41-04:00 America/New_York (TRIAL RELEASE) [ADDED] - Added 'can_ssl' method to detect SSL support before trying and failing with a fatal exception. - Added support for 308 redirects [FIXED] - When specifying a custom CA file, if that file is missing or unreadable, HTTP::Tiny will no longer fall back to a default CA [DOCUMENTED] - Noted units are bytes for max_size 0.054 2015-01-27 07:18:19-05:00 America/New_York [ADDED] - Added more fallback paths to find CA files (thanks golang) [DOCUMENTED] - Fixed a typo 0.053 2014-12-11 23:42:17-05:00 America/New_York [FIXED] - Defended tests against HTTP_PROXY set in the environment 0.052 2014-12-11 15:23:54-05:00 America/New_York [CHANGED] - Proxy allowed from environment variable HTTP_PROXY (uppercase) unless REQUEST_METHOD is also set. 0.051 2014-11-17 22:58:44-05:00 America/New_York [FIXED] - Checks for threads without loading threads.pm 0.050 2014-09-23 15:30:18-04:00 America/New_York [FIXED] - Fixed CONNECT requests for some proxies 0.049 2014-09-02 11:20:07-04:00 America/New_York [FIXED] - 'keep_alive' is now fork-safe and thread-safe 0.048 2014-08-21 13:19:51-04:00 America/New_York [FIXED] - Protected proxy tests from ALL_PROXY in the environment 0.047 2014-07-29 14:09:05-04:00 America/New_York [CHANGED] - Updated Mozilla::CA module recommendation version to 20130114 [FIXED] - Fixed t/00-report-prereqs.t when CPAN::Meta is not installed 0.046 2014-07-21 10:32:32-04:00 America/New_York [FIXED] - Empty header fields are now allowed; headers with the 'undef' value will be rendered as an empty header. [DOCUMENTED] - Updated HTTP/1.1 spec description from RFC 2616 to RFC 7230-7235 0.045 2014-07-19 23:17:28-04:00 America/New_York (TRIAL RELEASE) [FIXED] - Fixed t/002_croakage.t for various operating systems. 0.044 2014-07-16 23:46:09-04:00 America/New_York [CHANGED] - Providing a custom 'Host' header is now a fatal exception. Previously, it was silently ignored, as the RFC mandates that Host be set from the URL, but ignoring it could lead to unexpected, confusing errors. - optimized URL splitting - Passing 'undef' for any proxy attribute will prevent HTTP::Tiny from setting the proxy from the environment. 0.043 2014-02-20 20:40:23-05:00 America/New_York [FIXED] - Does not send absolute request URI when tunneling SSL via proxy - Fixes regression in setting host name to verify SSL - Protects tests from https_proxy and all_proxy when doing mock testing 0.042 2014-02-18 11:23:17EST-0500 America/New_York [ADDED] - If IO::Socket::IP 0.25+ is installed, HTTP::Tiny will use it for transparent IPv4 or IPv6 support. 0.041 2014-02-17 13:07:54-05:00 America/New_York [no code change, only an amended Changes file] [INCOMPATIBLE CHANGES (from 0.039)] - The 'proxy' attribute no longer takes precedence over the 'http_proxy' environment variable. With the addition of http_proxy and https_proxy attributes (and corresponding environment variable defaults), the legacy 'proxy' attribute now maps to the all_proxy/ALL_PROXY environment variable and only takes effect when other proxy attributes are not defined. [ADDED (since 0.039)] - Added 'keep_alive' attribute for single-server persistent connections (Clinton Gormley) - Added support for Basic authorization with proxies - Added support for https proxies via CONNECT [FIXED (since 0.039)] - Requests are made with one less write for lower latency (Martin Evans) 0.040 2014-02-17 13:02:47-05:00 America/New_York [INCOMPATIBLE CHANGES] - The 'proxy' attribute no longer takes precedence over the 'http_proxy' environment variable. With the addition of http_proxy and https_proxy attributes (and corresponding environment variable defaults), the legacy 'proxy' attribute now maps to the all_proxy/ALL_PROXY environment variable and only takes effect when other proxy attributes are not defined. [ADDED] - Added support for Basic authorization with proxies - Added support for https proxies via CONNECT 0.039 2013-11-27 19:48:29 America/New_York [FIXED] - Temporary file creating during mirror() is now opened with O_EXCL for added security 0.038 2013-11-18 12:56:26 America/New_York [FIXED] - Fixed a bug where authentication parameters in the URL would override an existing Authorization header 0.037 2013-10-28 13:26:21 America/New_York [FIXED] - Basic authentication in the URL is now unescaped before being encoded into the authentication header [DOCUMENTED] - Added HTTP::Tiny::UA to SEE ALSO and suggested it as the appropriate place for new features 0.036 2013-09-25 12:10:06 America/New_York [FIXED] - Compile test could hang on Windows [PREREQS] - Dropped configure_requires for ExtUtils::MakeMaker to 6.17 [META] - Updated support files 0.035 2013-09-10 12:29:28 America/New_York [CHANGED] - Encoded from data from 'post_form' preserves term order if data is provided as an array reference. (They are still sorted for consistency if provided as a hash reference.) 0.034 2013-06-26 19:02:25 America/New_York [ADDED] - Added support for 'Basic' authorization from user:password parameters in the URL 0.033 2013-06-21 06:26:51 America/New_York [FIXED] - Modifying the 'agent' attribute with the accessor will append the default agent string, just like setting it during construction 0.032 2013-06-20 11:41:24 America/New_York [ADDED] - Added 'no_proxy' attribute, defaulting to $ENV{no_proxy} 0.031 2013-06-16 23:18:18 America/New_York [FIXED] - Fixed bug receiving 0-length content bodies 0.030 2013-06-13 11:46:15 America/New_York [FIXED] - Requests with the empty string as body content no longer generate 'content-type' and 'content-length' headers. 0.029 2013-04-17 13:49:07 America/New_York [FIXED] - Checks for new enough OpenSSL library before using SNI (otherwise IO::Socket::SSL throws warnings) 0.028 2013-03-05 14:11:57 America/New_York [SUPPORT] - Fix repository/issue links to reflect proper repo name 0.027 2013-03-05 12:02:58 America/New_York [SUPPORT] - Changed metadata to point to the chansen github repository for code and issues [DOCUMENTATION] - Added hyperlink for HTTP::CookieJar 0.026 2013-03-04 22:53:39 America/New_York [ADDED] - Added cookie support if an HTTP::CookieJar object is provided in the 'cookie_jar' attribute [Edward Zborowski] 0.025 2012-12-26 12:09:43 America/New_York [ADDED] - Agent string appends default if it ends in a space, just like LWP [Chris Weyl] 0.024 2012-10-09 20:44:53 America/New_York [ADDED] - SSL connections now auto-retry I/O after SSL renegotiation [Alan Gardner] [FIXED] - User-specified CA bundles take precedence over Mozilla::CA [Alan Gardner] [PREREQS] - SSL support now requires Net::SSLeay 1.49 or greater to support auto-retry [Mike Doherty] - Downgraded IO::Socket::SSL and related prereqs to 'suggests' again 0.023 2012-09-19 09:55:46 America/New_York [PREREQS] - IO::Socket::SSL and related prereqs changed to 'required' for dev release to get better failure diagnostics from CPAN Testers [TESTING] - Skip live SSL testing unless IO::Socket::SSL 1.56+ installed 0.022 2012-06-01 23:31:40 America/New_York [ADDED] - Supports local_address option to set local socket interface [Chris Nehren, David Golden] 0.021 2012-05-15 22:38:57 America/New_York [TESTING] - Skip live SSL testing if $ENV{http_proxy} is set 0.020 2012-05-14 15:24:37 America/New_York [TESTING] - Capture prerequisite versions under AUTOMATED_TESTING to help chase down some failures from CPAN Testers 0.019 2012-05-14 07:14:00 America/New_York [ADDED] - Require IO::Socket::SSL 1.56 (which added SSL_hostname support) when doing HTTPS. [Mike Doherty] [TESTING] - Provide better diagnostic output in t/210_live_ssl.t [Mike Doherty] 0.018 2012-04-18 09:39:50 America/New_York [ADDED] - Add verify_SSL option to do more secure SSL operations, incl. attempting to validate against a CA bundle (Mozilla::CA recommended, but will attempt to find some OS bundles). Also add SSL_opts, which passes through IO::Socket::SSL's SSL_* options to control SSL verification. (GH #6, #9) [Mike Doherty] - Reponse hashref includes final URL (including any redirections) [Lukas Eklund] 0.017 2012-02-22 21:57:37 EST5EDT [DOCUMENTATION] - Clarified how max_size exceptions work [rt.cpan.org #75142] - Clarify that 2XX is success for most methods (except mirror where 304 is also success) [rt.cpan.org #75141] 0.016 2011-10-26 23:05:50 America/New_York [BUG FIXES] - Fixed Perl 5.6 compatibility by emulating utf8::encode [David Golden] 0.015 2011-10-26 16:42:26 America/New_York [BUG FIXES] - Make sure PERL_UNICODE doesn't affect PUT test data [Tony Cook] [DOCUMENTATION] - Fixed typo 0.014 2011-10-20 13:54:13 America/New_York [NEW FEATURES] - Adds additional shorthand methods for all common HTTP verbs (HEAD, PUT, POST, DELETE) [David Golden] - post_form() method for POST-ing x-www-form-urlencoded data [David Golden] - www_form_urlencode() utility method [David Golden] 0.013 2011-07-17 23:14:22 America/New_York [NEW FEATURES] - $ENV{http_proxy} support added [Claes Jakobsson] [OTHER] - Internal/private errors converted from "croak" to "die" as internal errors are caught by "eval" 0.012 2011-03-31 15:48:02 America/New_York [BUG FIXES] - mirror() now uses binmode during output (RT #67118) [Serguei Trouchelle] [DOCUMENTATION] - noted that SSL certificates are not verified against CA's (RT #66907) 0.011 2011-03-19 20:48:39 America/New_York [BUG FIXES] - Made t/000_load.t less verbose under harness (RT#65507) [Dave Mitchell] - Removed 'Errno' as an explicit prefix (it is a core module, but not indexed by PAUSE, which might confuse some installers) 0.010 2011-02-04 02:45:31 EST5EDT [BUG FIXES] - Fixed test errors on VMS (RT#65430) [Craig Berry] 0.009 2011-01-17 16:29:22 EST5EDT - Added workaround for IO::Socket::SSL certificate verification bug - Minor documentation improvements - POST example added to the eg/ directory in the distribution tarball 0.008 2011-01-14 06:34:55 EST5EDT - Added support for direct 'https' connections if IO::Socket::SSL is installed - Added support for a callback to provide trailing headers for chunked transfer encoding - Data callbacks receive the response hashref as a second argument for greater flexibility - Additional limitations documented 0.007 2011-01-12 04:56:16 EST5EDT - Added support for redirecting 303 and 307 response codes - Retry (once) a request that fails due to a closed socket (per RFC2616 8.1.4) - Automatically sets request Content-Type to 'application/octet-stream' if there is content the user has not defined its type - Trailing headers from chunked transfer encoding are now merged into the response headers instead of ignored - Improved handling of malformed or unsupported HTTP protocols - Expanded http:///.../ as http://localhost/.../ and set Host header - Documented that URL's must be escaped/encoded - Documented that the headers hash option may contain an array reference to output multiple values of the same header field - Improved documentation of limitations - Added numerous new tests to ensure compliance with the HTTP/1.1 spec 0.006 2011-01-10 07:28:11 EST5EDT - Transfer-Encodings are case insensitive - Add additional test for proper behavior when both Content-Length and Transfer-Encoding headers are received 0.005 2011-01-08 06:32:05 EST5EDT - Fixed bug getting content for servers which do not sent Content-Length - Add test coverage for get(), mirror() and request() - Add test coverage for requests with static and generated content 0.004 2010-12-15 22:53:59 EST5EDT - Renamed 'ok' response field to 'success' - Handle all required HTTP/1.1 date formats - Documented how callbacks are supposed to work 0.003 2010-12-15 12:30:42 EST5EDT - Added 'ok' response field to simplify checking success - Added a 'mirror' method mirror content to a file, but shortcut if not modified 0.002 2010-12-13 21:59:39 EST5EDT - Added some initial documentation - Skips utf8::* code on Perls older than 5.8 0.001 2010-12-11 07:59:16 EST5EDT - Initial CPAN release # vim: ts=2 sts=2 sw=2 et: